The security folks who call themselves “creative hackers” over at Gnucitizen have announced that they have discovered a security flaw in Adobe Reader which will allow someone to remotely run programs on your Windows PC.
Said chief creative hacker “pdp” (‘Petko D. Petkov’), “I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.”
PDFs have become the mainstay of document transmission for many businesses, and so a security hole exploit has the potential to impact millions of businesses. While the flaw and its attendant exploit have been proven by the Gnucitizen folks with Adobe Reader 8.1 and Windows XP SP2, they say that it affects previous versions as well.
Gnucitizen has posted a video which demonstrates the flaw being exploited, although in this instance – for purposes of example only – the flaw is used to cause the Windows calculator program to be run when the PDF is opened. Another PDF is used to cause the Notepad program to run. Obviously, a criminal exploiting this flaw would be running a much more malicious program on your computer.
Here’s the video:
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
So what should you do when you get an unexpected PDF file? Well, until Adobe issues a patch, use another program to open your PDF files.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Since this is an “Adobe” issue; is it not possible that a hack could be created to attack any OS platform on which it lands?
Is there a connection between this and the “benign” PDF’s circulating around emails for the last quarter?
Back a few months ago, we were told that, since the contents were in PDF, all they were considered to be was spam. Was this an error? Or were people being conditoned to be less wary of PDF’s before the punch was scheduled to be rolled out?
I was told that there was no risk to those who simply use the free reader. One must have the full Acrobat software installed. Which is true?